Clie ntsg o fur ther , faste rwith Je ffre y Ja c o b s, E sq . - - PowerPoint PPT Presentation

Clie ntsg o fur ther , faste rwith

Je ffre y Ja c o b s, E sq . Dillo n Cra ig Do minic Cutri Ma rc h 13, 2018 Pe o ple . Pa rtne rship. Pe rfo rma nc e .

Are Yo u Re a dy?

Ge ne ra l Da ta Pro te c tio n Re g ula tio n

Wha t is the GDPR a nd wha t we nt b e fo re ?

• T

he muc h a ntic ipa te d Ge ne ra l Da ta Prote c tion Re g ula tion

(GDPR) is the ne xt b ig c ha lle ng e o n the da ta priva c y ho rizo n.

• T

he GDPR will a pply a c ro ss the E

urope a n E c onomic Are a (“E E A”) fro m 25 Ma y 2018 whe n the Da ta Pro te c tio n Dire c tive

95/ 46/ E C(“Dire c tive ”) is re pe a le d.

• T

he Dire c tive so ug ht to pro te c t the rig hts a nd fre e do ms o f individua ls re la ting to the pro c e ssing o f Pe rso na l Da ta while se e king to e nsure a fre e flo w o f pe rso na l da ta b e twe e n Me mb e r Sta te s. GDPR

Why wa s the re a ne e d fo r c ha ng e ?

• Sub sta ntia l inc re a se in c ross- borde r da ta

flows

• T

hre a ts po se d b y ra pid te c hnolog ic a l

c ha ng e a nd g loba lisa tion

• Pa tc hwork o f c o untry-b y-c o untry Dire c tive

imple me nting re g ula tio ns

• Ne e d to b a la nc e the rig hts of individua ls to

pro te c t the ir pe rso na l da ta a nd the

inte re sts of busine sse s a nd public a uthoritie s in pro c e ssing tha t da ta

Aims o f the GDPR

T he GDPR e nvisa g e s:

• a c o he re nt da ta pro te c tio n fra me wo rk;
• stro ng e nfo rc e me nt;
• da ta pro te c tio n a s pa rt o f the de ve lo pme nt o f the dig ita l e c o no my a c ro ss

the inte rna l ma rke t;

• g re a te r c o ntro l b y individua ls o f the ir pe rso na l da ta ; a nd
• e nha nc e d le g a l a nd pra c tic a l c e rta inty fo r individua ls, b usine sse s a nd pub lic

a utho ritie s. GDPR

Wha t kind o f info rma tio n is “Pe rsona l Da ta”?

Pe rsona l da ta is a ny info rma tio n re la ting to a n ide ntifie d o r ide ntifia b le na tura l

pe rso n (the Da ta Sub je c t). F

• r e xa mple a na me , a n ide ntific a tio n numb e r, a n

a c c o unt numb e r, lo c a tio n da ta , a n o nline ide ntifie r o r o ne o r mo re fa c to rs spe c ific to the physic a l, physio lo g ic a l, g e ne tic , me nta l, e c o no mic , c ultura l o r so c ia l ide ntity o f a na tura l pe rso n.

Wha t do e s "Proc e ssing" me a n?

Proc e ssing me a ns a ny o pe ra tio n tha t is pe rfo rme d o n pe rso na l da ta , suc h a s

c o lle c tio n, re c o rding , sto ra g e , a da pta tio n o r a lte ra tio n, re trie va l, use , disc lo sure b y tra nsmissio n, disse mina tio n o r o the rwise ma king a va ila b le , c o mb ina tio n, re stric tio n, e ra sure o r de struc tio n. E

sse ntia lly, a nything tha t is done to or with pe rsona l da ta is “proc e ssing ”.

“Da ta Pro te c tio n”: who is be ing prote c te d?

T he Da ta Sub je c t is b e ing pro te c te d. GDPR pro vide s a b a la nc e b e twe e n the Da ta Sub je c t’ s rig hts re g a rding the pro c e ssing o f his o r he r pe rso na l da ta with the rig hts o f o rg a nisa tio ns to pro c e ss pe rso na l da ta in the c o urse o f b usine ss a nd in a c c o rda nc e with the ir o b lig a tio ns unde r GDPR.

Who c ontrols yo ur pe rsona l da ta?

T he Controlle r is the na tura l o r le g a l pe rso n, pub lic a utho rity, a g e nc y o r a ny

• the r e ntity tha t a lo ne o r jo intly with o the rs de te rmine s the purpo se s a nd me a ns
• f the pro c e ssing o f pe rsona l da ta.

Who proc e sse s yo ur pe rsona l da ta?

T he Proc e ssor is a na tura l o r le g a l pe rso n, pub lic a utho rity, a g e nc y o r a ny o the r e ntity tha t pro c e sse s pe rso na l da ta o n be half o f the c o ntro lle r.

Wha t a re the e sse ntia l diffe re nc e s b e twe e n

c ontrolle rs a nd proc e ssors?

T he c ontrolle r ha s o ve ra ll c o ntro l o ve r the da ta pro c e ssing . T he c o ntro lle r de c ide s to c o lle c t the pe rso na l da ta in the first pla c e a nd de te rmine s the le g a l b a sis fo r do ing so ; de te rmine s the purpo se (s) fo r whic h the da ta will b e use d; a nd de c ide s whe the r to disc lo se the da ta a nd, if so , to who m. T he proc e ssor use s its te c hnic a l kno wle dg e to de c ide ho w to c a rry o ut the da ta pro c e ssing o n b e ha lf o f the c o ntro lle r - wha t I T syste ms o r o the r me tho ds to use to c o lle c t pe rso na l da ta ; ho w to sto re the pe rso na l da ta ; a nd, the me a ns use d to tra nsfe r the pe rso na l da ta fro m o ne o rg a nisa tio n to a no the r - it c a nno t ma ke a ny o f the o ve ra rc hing de c isio ns o f the c o ntro lle r a s de sc rib e d a b o ve .

Pro c e ssing Pe rso na l Da ta

I n o rde r to pro c e ss pe rso na l da ta , yo u must ha ve a la wful b a sis fo r do ing so :

• Co nse nt o f the Da ta Sub je c t;
• E

nte ring into a c o ntra c t;

• F

ulfilling the Co ntro lle r’ s le g a l o b lig a tio n;

• F

urthe ring a vita l inte re st o f the Da ta Sub je c t o r a no the r individua l;

• Pub lic I

nte re st;

• L

e g itima te inte re sts o f the Co ntro lle r. Of the se we will lo o k a t the first in mo re de ta il.

Ba se s fo r Pro c e ssing : Conse nt

T he data subje c t has give n his o r he r c o nse nt to the pro c e ssing o f his o r he r pe rso nal data fo r o ne o r mo re spe c ifie d purpo se s.

Conse nt is de fine d a s “a ny fre e ly g ive n, spe c ific , informe d a nd una mbig uous indic a tio n o f

the da ta sub je c t wishe s b y whic h he o r she , b y a sta te me nt o r b y a c le a r a ffirma tive a c tio n, sig nifie s a g re e me nt to the pro c e ssing o f pe rso na l da ta re la ting to him o r he r.

F re e ly Give n: Co nse nt is no t fre e ly g ive n, if the da ta sub je c t ha s no g e nuine o r fre e c ho ic e

• r is una b le to re fuse o r withdra w c o nse nt witho ut de trime nt. F
• r e xa mple , whe re the re is a

c le a r imb a la nc e o f po we r b e twe e n the c o ntro lle r a nd da ta sub je c t, suc h a s in a n e mplo ye r-e mplo ye e re la tio nship. Additio na lly, whe re the pe rfo rma nc e o f a c o ntra c t, inc luding the pro visio n o f a se rvic e , is de pe nde nt o n the c o nse nt de spite suc h c o nse nt no t b e ing ne c e ssa ry fo r suc h pe rfo rma nc e , c o nse nt ma y no t b e fre e ly g ive n.

Informe d: F

• r c o nse nt to b e info rme d, the da ta sub je c t sho uld kno w the ide ntity o f the

c o ntro lle r a nd the pro c e sso r a nd the purpo se (s) o f the pro c e ssing .

Ba se s fo r Pro c e ssing :

De monstra ting Conse nt

Onc e ha ving suc c e e de d in o b ta ining the c o nse nt o f the da ta sub je c t to the pro c e ssing in q ue stio n, the c o ntro lle r must b e a b le to

de monstra te tha t the da ta sub je c t ha s g ive n

his o r he r c o nse nt. A c o ntro lle r must, the re fo re , ke e p up-to -da te re c o rds o f a ll da ta sub je c t c o nse nts tha t ha ve b e e n re c e ive d.

YE S NO

✔

Conse nt Withdra wa l

• A da ta sub je c t ha s the rig ht to withdra w

c onse nt to pro c e ssing a t a ny time .

• T

he withdra wa l do e s no t a ffe c t the la wfulne ss

• f pro c e ssing tha t to o k pla c e b e fo re the

withdra wa l.

• T

he da ta sub je c t must b e to ld a b o ut this rig ht b e fo re g iving c o nse nt.

“I t sha ll b e a s e a sy to withdra w a s to g ive c o nse nt”

YE S NO

✔

Da ta Sub je c t Rig hts

• Rig ht o f a c c e ss to pe rso na l da ta
• Rig ht to re c tific a tio n o f pe rso na l da ta
• Rig ht to e ra sure (“rig ht to b e fo rg o tte n”)
• Rig ht to re stric tio n o f pro c e ssing
• Rig ht to da ta po rta b ility
• Rig ht to o b je c t to pro c e ssing
• Rig ht no t to b e sub je c te d to a uto ma tic pro c e ssing inc luding pro filing

We sha ll lo o k a t the first a nd third o f the se rig hts in a b it mo re de ta il. But first … GDPR

Da ta Sub je c t Rig hts:

How long do you ha ve to re spond?

• Re spo nse re q uire d “witho ut undue de la y”
• At the la te st within a mo nth
• F

urthe r e xte nsio n up to two mo nths de pe nding o n c o mple xity a nd numb e r o f re q ue sts GDPR

Rig hts o f the Da ta Sub je c t:

Subje c t Ac c e ss Re que st

I n the time fra me se t o ut, a nd fo llo wing a writte n re q ue st, yo u must pro vide the individua l with:

• Co nfirma tio n o f whe the r his / he r pe rso na l da ta a re b e ing

pro c e sse d;

• Ac c e ss to tha t da ta ;
• Supple me nta l info rma tio n.

GDPR

Sub je c t Ac c e ss Re q ue sts: T

he Proc e ss

• Se a rc h fo r, ide ntify & re trie ve da ta fro m the c lie nt’ s syste ms;
• Co lle c t, pro c e ss a nd a na lyse the da ta ;
• Sub je c t the da ta to re da c tio n whe re re q uire d;
• Pro vide the re spo nse within the time limit de sc rib e d to the individua l.

Rig hts o f the Da ta Sub je c t: Rig ht to be F

• rg otte n

I ndividua ls ha ve the rig ht to ha ve the ir pe rso na l da ta “e ra se d”, g e ne ra lly whe re the pro c e ssing o f tha t da ta do e s no t me e t GDPR re q uire me nts:

• the rig ht c a n b e e xe rc ise d a g a inst c o ntro lle rs;
• the c o ntro lle r must re spo nd within the time limits (“witho ut undue de la y” o r within o ne

mo nth);

T he rig ht a pplie s:

• whe re the purpo se fo r pro c e ssing the pe rso na l da ta no lo ng e r a pplie s;
• whe re the pro c e ssing wa s b a se d o n the c o nse nt o f the individua l a nd the individua l

withdra ws c o nse nt;

• whe re the pro c e ssing wa s b a se d o n the c o ntro lle r’ s le g itima te inte re sts, the individua l
• b je c ts a nd the c o ntro lle r c a nno t sho w tha t suc h le g itima te inte re sts re ma in;
• whe re the pe rso na l da ta ha ve b e e n pro c e sse d unla wfully;
• whe re the c o ntro lle r is sub je c t to a le g a l o b lig a tio n, c o mplia nc e with whic h re q uire s the

e ra sure o f the pe rso na l da ta .

Rig hts o f the Da ta Sub je c t:

Rig ht to be F

• rg otte n but not quite (2)

E xc e ptio ns to the rig ht a pply whe re pro c e ssing is re q uire d:

• fo r e xe rc ising the rig ht o f fre e do m e xpre ssio n a nd info rma tio n;
• fo r c o mplia nc e with a le g a l o b lig a tio n:
• fo r re a so ns o f pub lic inte re st in the a re a o f pub lic he a lth o r sa fe ty;
• fo r the e sta b lishme nt, e xe rc ise o r de fe nc e o f le g a l c la ims.

Rig hts o f the Da ta Sub je c t: Sa nc tions

Pe na ltie s fo r fa ilure to re spo nd pro pe rly to a sub je c t a c c e ss re q ue st o r to re q ue sts re la ting to o the r da ta sub je c t rig hts a re se t in the hig he r b ra c ke t a va ila b le to re g ula to rs: up to 4 % of a n org a nisa tion’s g ross worldwide a nnua l

turnove r or E uro 20,000,000.

Se c urity o f pro c e ssing :

De monstra ting Complia nc e

As me ntio ne d e a rlie r, a ke y re q uire me nt o f GDPR is the a c c o unta b ility princ iple : No t o nly must the c o ntro lle r c o mply with GDPR b ut must b e a b le to de mo nstra te c o mplia nc e .

• I

n re la tio n to se c urity o f pro c e ssing , GDPR Artic le 24 pro vide s tha t sub je c t to spe c ific c o nditio ns a nd in re la tio n to the le ve l o f risk c o nditio ns the c o ntro lle r sho uld imple me nt a ppro pria te te c hnic a l a nd o rg a nisa tio na l me a sure s to e nsure a nd to be

a ble to de monstra te tha t proc e ssing is pe rforme d in a c c orda nc e with the Re g ula tion.

• Additio na lly, …

GDPR

Se c urity o f pro c e ssing : le ve l of se c urity

• GDPR Artic le 32 pro vide s tha t c o ntro lle rs a nd pro c e sso rs must,

sub je c t to spe c ific c o nditio ns a nd in re la tio n to le ve l o f risk, “imple me nt a ppro pria te te c hnic a l a nd o rg a nisa tio na l me a sure s to e nsure a le ve l of se c urity a ppropria te to the risk”

E xa mple s of suc h me a sure s inc lude :

• the pse udo nymisa tio n o r e nc ryptio n o f the da ta ;
• the a b ility to e nsure the o ng o ing c o nfide ntia lity, inte g rity, a va ila b ility a nd

re silie nc e o f pro c e ssing syste ms a nd se rvic e s;

• the a b ility to re sto re the a va ila b ility a nd a c c e ss to pe rso na l da ta in a time ly

ma nne r in the e ve nt o f a physic a l o r te c hnic a l inc ide nt; a nd

• a pro c e ss fo r re g ula rly te sting , a sse ssing a nd e va lua ting the e ffe c tive ne ss o f

te c hnic a l a nd o rg a nisa tio na l me a sure s fo r e nsuring the se c urity o f the pro c e ssing . GDPR

Pe rso na l da ta b re a c he s

GDPR se ts o ut a de ta ile d no tific a tio n re g ime re la ting to pe rso na l da ta b re a c he s fo r c o ntro lle rs a nd pro c e sso rs. A pe rso na l da ta b re a c h o c c urs whe n the re ha s b e e n “a bre ac h o f se c urity le ading

to the ac c ide ntal o r unlawful de struc tio n, lo ss, alte ratio n, unautho rise d disc lo sure o f,

• r ac c e ss to , pe rso nal data transmitte d, sto re d, o r o the rwise pro c e sse d.”

Whe n a pe rsona l da ta bre a c h oc c urs:

• Pro c e sso rs must info rm c o ntro lle rs o f the b re a c h;
• Co ntro lle rs must info rm the re g ula to r o f the b re a c h (unle ss the bre ac h is unlike ly to

re sult in a risk to the rights and fre e do ms o f individuals); a nd in so me c irc umsta nc e s

• Co ntro lle rs must info rm the da ta sub je c ts who se pe rso na l da ta a re invo lve d;
• Co ntro lle rs must ke e p a n up-to -da te re g iste r o f a ll pe rso na l da ta b re a c he s,

inc luding the fa c ts re la ting to the b re a c h, its e ffe c ts a nd a ny re me dia l a c tio n ta ke n. T he re g iste r must b e a va ila b le to the re g ula to r so tha t it c a n ve rify the c o ntro lle r’ s c o mplia nc e .

Pe rso na l da ta b re a c he s

T iming

• A c o ntro lle r must info rm the re g ula to r o f a b re a c h “witho ut undue

de la y” a nd a t the la te st within 72 hours of le a rning of the bre a c h

• A pro c e sso r must info rm the c o ntro lle r without undue de la y a fte r b e c o ming

a wa re o f a pe rso na l da ta b re a c h. Sa nc tions Pe na ltie s fo r the fa ilure o f c o ntro lle rs a nd / o r pro c e sso rs to me e t the o b lig a tio ns re la ting to pe rso na l da ta b re a c he s a re se t in the lo we r b ra c ke t a va ila b le to re g ula to rs: up to 2 % of a n org a nisa tion’s g ross a nnua l worldwide turnove r or E

uro 10,000,000.

T ra nsfe rring Pe rso na l Da ta o utside the E E A

T he rule

• T

ra nsfe rs o f pe rso na l da ta unde rg o ing pro c e ssing

• r to b e pro c e sse d to third c o untrie s o r inte rna tio na l
• rg a nisa tio ns “sha ll ta ke pla c e o nly” if the c o nditio ns

se t o ut a re c o mplie d with.

• Bro a dly the re a re thre e pro c e sse s unde r whic h suc h a tra nsfe r c a n b e la wfully

ma de a nd, in re spe c t o f tra nsfe rs to the US, the Priva c y Shie ld. Sa nc tions Pe na ltie s fo r infring ing the pro visio ns o f GDPR re la ting to the tra nsfe rs o f pe rso na l da ta to a re c ipie nt in a third c o untry o r a n inte rna tio na l o rg a nisa tio n a re se t in the hig he r b ra c ke t a va ila b le to re g ula to rs: up to 4 % of a n org a nisa tion’s g ross

a nnua l worldwide turnove r or E uro 20,000,000.

T ra nsfe rring Pe rso na l Da ta o utside the E E A

Ade qua c y

• 1. T

he third c o untry ha s b e e n a sse sse d b y the E uro pe a n Co mmissio n a s pro viding a de q ua te le ve ls

• f pro te c tio n tha t:
• a re e sse ntia lly e q uiva le nt to tha t e nsure d b y the Unio n; a nd
• pro vide da ta sub je c ts with e ffe c tive a nd e nfo rc e a b le rig hts a nd, impo rta ntly,

me a ns o f re dre ss. F e w c o untrie s ha ve a c hie ve d this: Ando rra , Arg e ntina , Ca na da*, Switze rla nd, F a e ro I sla nds, Gue rnse y, I sra e l, I sle o f Ma n, Je rse y, E a ste rn Re pub lic o f Urug ua y a nd Ne w Ze a la nd.

T ra nsfe rring Pe rso na l Da ta o utside the E E A

Appropria te Sa fe g ua rds T ra nsfe rs c a n b e ma de whe re the c o ntro lle r o r pro c e sso r pro vide s a ppro pria te sa fe g ua rds, a nd o n c o nditio n tha t “e nfo rc e a b le da ta sub je c t rig hts a nd e ffe c tive le g a l re me die s fo r da ta sub je c ts a re a va ila b le .”

E xa mple s inc lude :

• intra -o rg a nisa tio n b inding c o rpo ra te rule s;
• sta nda rd c o ntra c tua l c la use s;
• le g a lly b inding c la use s b e twe e n pub lic a utho ritie s;
• a ppro ve d c o de s o f c o nduc t o r c e rtific a tio n me c ha nisms with b inding a nd

e nfo rc e a b le c o mmitme nts o f the c o ntro lle r o r pro c e sso r in the third c o untry to a pply the a ppro pria te sa fe g ua rds

T ra nsfe rring Pe rso na l Da ta o utside the E E A

De rog a tions

T he re a re a numb e r o f de ro g a tio ns whic h a llo w fo r tra nsfe rs to b e ma de in limite d c irc umsta nc e s. T he se a g a in a re simila r to the e xe mptio ns unde r the Da ta Pro te c tio n Dire c tive a nd inc lude :

• the da ta sub je c t ha s pro vide d “e xplic it c o nse nt” to the tra nsfe r ta king pla c e ;*
• the tra nsfe r is ne c e ssa ry fo r the pe rfo rma nc e o f a c o ntra c t;
• the tra nsfe r is ne c e ssa ry fo r the e sta b lishme nt, e xe rc ise o r de fe nc e o f le g a l c la ims.

An a dditio na l de ro g a tio n a llo ws fo r the no n-re pe titive tra nsfe r o f the pe rso na l da ta o f a limite d numb e r o f da ta sub je c ts, whe re the tra nsfe r is ne c e ssa ry fo r the c o mpe lling le g itima te inte re sts o f the c o ntro lle rs (tha t a re no t o ve rridde n b y the inte re sts a nd rig hts o f the da ta sub je c ts). T he c o ntro lle r must a sse ss a nd do c ume nt a ll the c irc umsta nc e s o f the tra nsfe r a nd c o nc lude tha t the y pro vide a de q ua te sa fe g ua rds re g a rding the pro te c tio n o f pe rso na l da ta . Additio na lly, the c o ntro lle r must info rm the supe rviso ry a utho rity a nd the da ta sub je c ts o f the tra nsfe r unde r this de ro g a tio n.

T ra nsfe rring Pe rso na l Da ta o utside the E E A

Priva c y Shie ld T he E U / US Priva c y Shie ld c a me into e xiste nc e o n 12 July 2016. I t re pla c e d the Sa fe Ha rb o ur Sc he me , whic h wa s de e me d inva lid b y the E uro pe a n Co urt o f Justic e . I t pro vide s tha t:

• US o rg a nisa tio ns ma y se lf-c e rtify to me e ting the sta nda rds se t o ut in the Priva c y

Shie ld;

• T

he E uro pe a n Co mmissio n ma y c o nduc t pe rio dic re vie ws to a sse ss the le ve l o f pro te c tio n pro vide d b y the Priva c y Shie ld; a nd

• An o mb udsma n me c ha nism, whic h purpo rts to pro vide a n e ffe c tive re me dy

c o mpa ra b le to tha t a va ila b le unde r E uro pe a n la w, fo r individua ls who se pe rso na l da ta , tra nsfe rre d to the US unde r the Priva c y Shie ld, ha s b e e n a c c e sse d a nd pro c e sse d b y US a utho ritie s o n na tio na l se c urity g ro unds.

T ra nsfe rring Pe rso na l Da ta o utside the E E A

Priva c y Shie ld a nd Sta nda rd Contra c t Cla use s: T he Data Pr

• te c tio n Co mmissio ne r

v F ac e bo o k Ir e land L imite d and Maximillian Sc hr e ms.*

• Mr Sc hre ms’ pe rso na l da ta ha d b e e n tra nsfe rre d b y F

a c e b o o k I re la nd to F a c e b o o k I nc . in the US pursua nt to sta nda rd c o ntra c t c la use s;

• He c o mpla ine d tha t the le g a l re g ime in the US did no t a ffo rd his pe rso na l da ta the pro te c tio n to

whic h he wa s e ntitle d unde r E uro pe a n la w.

• T

he Da ta Pro te c tio n Co mmissio ne r ha d we ll-fo unde d c o nc e rns tha t individua ls’ pe rso na l da ta wa s no t pro te c te d a s it wo uld b e unde r E uro pe a n la w a nd tha t US la w did no t pro vide a n e ffe c tive re me dy c o mpa ra b le to tha t a va ila b le unde r E U la w fo r individua ls who se pe rso na l da ta ha d b e e n a c c e sse d a nd pro c e sse d b y US a g e nc ie s o n na tio na l se c urity g ro unds.

• She fo und tha t sa fe g ua rds purpo rte dly c o nstitute d b y the SCCs did not a ddre ss the o b je c tio n tha t

the re wa s no e ffe c tive re me dy unde r US la w.

T he Irish Hig h Court, c onc urring with the “we ll- founde d c onc e rns” of the Da ta Prote c tion Commissione r, ma de two re fe re nc e s to the Court of Justic e of the E urope a n Union (CJE U):

• Whe the r the E

uro pe a n Co mmissio n de c isio ns re la ting to the SCCs we re va lid; a nd

• Whe the r the Priva c y Shie ld Omb udsma n me c ha nism pro vide d a n e ffe c tive re me dy c o mpa ra b le to

tha t a va ila b le unde r E U la w.

T ra nsfe rring Pe rso na l Da ta o utside the E E A

Priva c y Shie ld a nd Sta nda rd Contra c t Cla use s: T he Data Pr

• te c tio n Co mmissio ne r

v F ac e bo o k Ir e land L imite d and Maximillian Sc hr e ms.*

• Org a nisa tio ns ma y still use SCCs a nd the Priva c y Shie ld until a de c isio n o f the CJE

U sta te s

• the rwise .

But, a s one c omme nta tor ha s opine d:

• “T

his is c le a rly a ve ry unsa tisfa c to ry sta te o f a ffa irs fo r a ny o rg a nisa tio ns lo o king to tra nsfe r da ta o utside o f E uro pe a s this re fe re nc e to the CJE U pla c e s c o nside ra b le do ub t o n the SCCs a nd po ssib ly a lso Priva c y Shie ld.”*

Anothe r c omme nta tor wa rns tha t:

• ““…the re a ssuring no ise s ma de b y the E

uro pe a n Co mmissio n, the Artic le 29 Wo rking Pa rty a nd so me na tio na l re g ula to rs, a s we ll a s va rio us pra c titio ne rs, a b o ut the o ng o ing va lidity o f Sta nda rd Co ntra c t Cla use s ha s a lwa ys ha d mo re o f a ring o f pra c tic a lity-drive n

• ptimism tha n princ iple a b o ut it.”**

F

• r furthe r info rma tio n:

Dillon Cra ig Dire c tor, L e g a l Solutions DCra ig @e piqg loba l.c om (416) 557- 8222 Dominic Cutri Dire c tor, L e g a l Solutions Dominic .Cutri@e piqg loba l.c om (973) 819- 6722 Je ffre y Ja c obs, E sq. Se nior Dire c tor, Informa tion Gove rna nc e Consulting jja c obs@e piqg loba l.c om (202) 361- 9887

worldwide

r eso ur c efulness

Pe o ple . Pa rtne rship. Pe rfo rma nc e . e piqg lo bal.c o m 32

7,000pe o ple 100 o ffic e s 14 d a ta c e nte rs 50 ma rke ts

Busine ss Pro c e ss So lutio ns Cla ss Ac tio n & Ma ss T

• rt

Co urt Re po rting e Disc o ve ry Re g ula to ry & Co mplia nc e Re struc turing & Ba nkruptc y

30 Pe o ple . Pa rtne rship. Pe rfo rma nc e . e piq g lo b al.c o m

Pe o ple . Pa rtne rship. Pe rfo rma nc e .

E piq is a le a ding g lo b a l pro vide r o f inte g ra te d te c hno lo g y, c o nsulta tive a nd a dministra tive se rvic e s fo r the le g a l pro fe ssio n. Our so lutio ns stre a mline the a dministra tio n o f litig a tio n, inve stig a tio ns, fina nc ia l tra nsa c tio ns, re g ula to ry c o mplia nc e a nd o the r c ritic a l b usine ss o pe ra tio ns. E piq ’ s sub je c t-ma tte r e xpe rts a nd te c hno lo g ie s b ring c la rity to c o mple xity, c re a te e ffic ie nc y thro ug h e xpe rtise , a nd de live r c o nfide nc e to hig h-pe rfo rming c lie nts a ro und the wo rld.

e piq g lo b a l.c o m